GCVE - cpe:2.3:o:yealink:sip-t21\(p\)e2_firmware:52.84.0.15:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:yealink:sip-t21\(p\)e2_firmware:52.84.0.15:*:*:*:*:*:*:*

part: o version: 52.84.0.15 update: *

Vendor	Yealink (`bb00dccf-901c-54fe-84ea-6136ece47bd5`)
Product	Sip T21(P)E2 Firmware (`adbe92be-05a9-5b80-8118-191ef09a9124`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-66738`	vulnerable	2026-06-03 15:11:01.134556	Details available An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. Published: 2025-12-26T00:00:00.000Z Updated: 2025-12-27T15:34:23.693Z Open on db.gcve.eu Reference links http://yealink.com https://drive.google.com/file/d/13t5ywSPJMx4487njJcH3ZTNuc_k3h4ty/view?usp=sharing	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-66737`	vulnerable	2026-06-03 15:11:01.132962	Details available Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component. Published: 2025-12-26T00:00:00.000Z Updated: 2025-12-27T15:32:56.787Z Open on db.gcve.eu Reference links http://yealink.com https://drive.google.com/file/d/1MpxnCL4koKupqWWDmY3ljlybjIPD8ieD/view?usp=sharing	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.